From 53d6395581f8a1cca470ac1af553ef944ec1cf8b Mon Sep 17 00:00:00 2001 From: Jonas Pettersson Date: Mon, 11 May 2020 22:56:40 +0200 Subject: [PATCH] Add variable expansion for params in Projected Volume fields A [projected volume](https://kubernetes.io/docs/concepts/storage/volumes/#projected) can mount/project files from `Secrets`, `ConfigMaps` and `ServiceAccountTokens`. Is is good if the end user can choose the name of `Secrets`, `ConfigMaps` and the audience of `ServiceAccountTokens`. With this commit, the task author can use `params` for `secret.name`, `configmap.name` and `serviceaccounttoken.audience` in a Projected Volume. See examples of use cases in #2597 Fixes #2597 --- docs/tasks.md | 2 +- pkg/reconciler/taskrun/resources/apply.go | 13 ++++++++++ .../taskrun/resources/apply_test.go | 24 +++++++++++++++++++ 3 files changed, 38 insertions(+), 1 deletion(-) diff --git a/docs/tasks.md b/docs/tasks.md index 985853656d7..56c526e059f 100644 --- a/docs/tasks.md +++ b/docs/tasks.md @@ -542,7 +542,7 @@ The `description` field is an optional field that allows you to add an informati `Tasks` allow you to substitute variable names for the following entities: -- [Parameters and resources]](#substituting-parameters-and-resources) +- [Parameters and resources](#substituting-parameters-and-resources) - [`Array` parameters](#substituting-array-parameters) - [`Workspaces`](#substituting-workspace-paths) - [`Volume` names and types](#substituting-volume-names-and-paths) diff --git a/pkg/reconciler/taskrun/resources/apply.go b/pkg/reconciler/taskrun/resources/apply.go index c2004106f61..fb785288491 100644 --- a/pkg/reconciler/taskrun/resources/apply.go +++ b/pkg/reconciler/taskrun/resources/apply.go @@ -166,6 +166,19 @@ func ApplyReplacements(spec *v1alpha1.TaskSpec, stringReplacements map[string]st if v.PersistentVolumeClaim != nil { spec.Volumes[i].PersistentVolumeClaim.ClaimName = substitution.ApplyReplacements(v.PersistentVolumeClaim.ClaimName, stringReplacements) } + if v.Projected != nil { + for _, s := range spec.Volumes[i].Projected.Sources { + if s.ConfigMap != nil { + s.ConfigMap.Name = substitution.ApplyReplacements(s.ConfigMap.Name, stringReplacements) + } + if s.Secret != nil { + s.Secret.Name = substitution.ApplyReplacements(s.Secret.Name, stringReplacements) + } + if s.ServiceAccountToken != nil { + s.ServiceAccountToken.Audience = substitution.ApplyReplacements(s.ServiceAccountToken.Audience, stringReplacements) + } + } + } } // Apply variable substitution to the sidecar definitions diff --git a/pkg/reconciler/taskrun/resources/apply_test.go b/pkg/reconciler/taskrun/resources/apply_test.go index c6706cf9f1a..29a59485b78 100644 --- a/pkg/reconciler/taskrun/resources/apply_test.go +++ b/pkg/reconciler/taskrun/resources/apply_test.go @@ -160,6 +160,27 @@ var ( ClaimName: "$(inputs.params.FOO)", }, }, + }, { + Name: "some-projected-volumes", + VolumeSource: corev1.VolumeSource{ + Projected: &corev1.ProjectedVolumeSource{ + Sources: []corev1.VolumeProjection{{ + ConfigMap: &corev1.ConfigMapProjection{ + LocalObjectReference: corev1.LocalObjectReference{ + Name: "$(inputs.params.FOO)", + }, + }, + Secret: &corev1.SecretProjection{ + LocalObjectReference: corev1.LocalObjectReference{ + Name: "$(inputs.params.FOO)", + }, + }, + ServiceAccountToken: &corev1.ServiceAccountTokenProjection{ + Audience: "$(inputs.params.FOO)", + }, + }}, + }, + }, }}, Resources: &v1beta1.TaskResources{ Inputs: []v1alpha1.TaskResource{{ @@ -519,6 +540,9 @@ func TestApplyParameters(t *testing.T) { spec.Volumes[0].VolumeSource.ConfigMap.LocalObjectReference.Name = "world" spec.Volumes[1].VolumeSource.Secret.SecretName = "world" spec.Volumes[2].VolumeSource.PersistentVolumeClaim.ClaimName = "world" + spec.Volumes[3].VolumeSource.Projected.Sources[0].ConfigMap.Name = "world" + spec.Volumes[3].VolumeSource.Projected.Sources[0].Secret.Name = "world" + spec.Volumes[3].VolumeSource.Projected.Sources[0].ServiceAccountToken.Audience = "world" spec.Sidecars[0].Container.Image = "bar" spec.Sidecars[0].Container.Env[0].Value = "world"